Download Device Drivers - EMU CMPE Home Page

Device Drivers
We use materials from
Art Baker, Jerry Lozano, The Windows 2000 Device Driver Book. A Guide for
Programmers. 2nd Edition, 2001, Prentice Hall PTR, Upper Saddle River, New Jersey,
07458, ISBN 0-13-020431-5, 446 p.
Svetlana Sorokina, Andrey Tihonov, Andrey Scherbakov, Drivers Programming and
Security Systems, St-Petersburg, BHV-Petersburg, Moscow, Izdatel Molgacheva S.V.,
2002, 256 p., ISBN 5-94157-263-8 (in Russian)
Device Drivers are special programs which are used for organization of access to external
devices. In MS DOS they have more simple structure than in Windows. Let’s consider
Device Drivers for Windows 2000 operating system, same concepts are used in Windows
NT, XP, similar principles were used in Wndows 95, 98, so these may be viewed as
Windows32 (32-bit operating systems), but we shall use Windows NT/2000 for our
considerations.
Overall structure of OS Windows NT/2000 is given in the figure below:
User Mode
_____________________________________________________________________
Kernel Mode
IO Manager
Device
Drivers
Executive Components
Kernel
Hardware Abstraction Layer (HAL)
Hardware Platform
Figure 1. The layers of the Windows NT/2000 operating system.
We shall refer to Intel processors, which in the protected mode provide 4 levels of
security (privileges) of execution of programs (4 privilege rings, numbered 0,1,2,3, 0 ring
of the highest privilege, security). Windows NT/2000 uses 0th and 3rd rings of privileges:
0th – for Kernel mode parts of OS, and users applications and some parts of OS run on the
3rd ring of privilege. Protected mode provides means for multitasking and segmented and
paged virtual memory. Each user task gets 4G bytes of virtual address space. Maximal
size of segment is 4Gb, size of page is 4Kb. States of tasks are saved in special Task State
Segments (Process Control Block, states of registers). TSS also has Input-Output Map
showing for each of possible 64K input-output ports possibility of access to it.
Windows NT/2000 is characterized by:
- model of modified micro-kernel
- emulation of several OS
- independence from processor architecture
- object model
- multithreading
- preemptive multitasking
- virtual memory with loading of pages by demand
- multiprocessor mode
- support of networking
Idea of microkernel is to execute all components of OS (excepting small number,
microkernel itself) as users’ processes. Microkernel components execute in the
privileged mode. Windows NT/2000 uses approach known as modified microkernel,
which is intermediate between pure microkernel and monolithic OS. In this approach,
Environmental and Integral Subsystems work in the user mode.
Environmental Subsystems provide Application Programming Interface (API) as
required by several OS (Windows32, Windows 3.x, POSIX, OS/2, DOS).
Windows32 subsystem is a native and is used as a server for implementation of other
APIs (for example, psxdll.dll is used by POSIX programs). Environmental Subsystem
Windows32 is implemented by kernel32.dll, user32.dll, gdi32.dll and other client dlls,
and server process – csrss.exe (Client/Server Runtime SubSystem). Control of
windows and messages are provided by user32.dll, graphics – by gdi32.dll, basic
services, as input/output, processes and threads management, memory management,
synchronization – by kernel32.dll. Since NT 4.0 USER and GDI functions have been
moved to kernel mode. Kernel mode code which implements USER and GDI
functions resides in win32k.sys module (user mode side is csrss.exe).
Integral Subsystems include: The Security Subsystem, The Service Control Manager
(manages daemon processes and device drivers), The RPC Locator and Service
processes give support to applications distributed across the network.
Executive Components are: Object manager – manages resources and implements
global names space; Security Reference Monitor – implements security on the base of
Security Identifiers (SID) and Discretionary Access Control List (DACL); Virtual
Memory Manager – defines address space of the process and manages physical
memory; I/O Manager – provides interface between applications and device drivers;
Cache Manager – manages global file cache; Local Procedure Call Facility – provides
effective inter-processes communications; Configuration Manager – controls registry;
Processes Manager – responsible for creation and deletion of processes and threads;
Win32 Support – implements windows management (messages and graphics); Plugand-Play manager – monitors switching on/off of devices; Power Manager – controls
power supply; Executive Support – responsible for queuing, control of system
memory and system work threads.
Kernel (ntoskrnl.exe for uni-processors, ntkrnlmp.exe – for multiprocessors) is
responsible for interruptions handling, scheduling of threads, inter-processes
synchronization. Device drivers and executive components call kernel procedures,
identifiers of which have prefix Ke(rnel). Kernel exports dispatcher objects and
control objects. Dispatcher objects are used for scheduling and synchronization and
have attribute, determining its state – free or busy. Dispatcher objects are: events,
mutexes, semaphores, timers. Control objects are used to control system operations,
they are: APC (Asynchronous Procedure Call) object – has entry point of the
asynchronous procedure and pointer to thread which is to run this procedure; DPC
(Deferred Procedure Call) object – contains address of the deferred procedure;
Interruption object establishes correspondence between interruption vector and
Interrupt Service Routine (ISR) of the device driver. Functions of kernel strongly
depend on the hardware.
Hardware Abstraction Layer (HAL) is a thin layer of code interfacing between kernel
and directly hardware (processor, buses, devices). It resides in hal.dll. Procedures of
HAL has identifiers with prefix Hal. HAL provides independence from hardware.
Usage of Memory
Memory in Windows NT/2000 uses flat model, each segment having size of 4G.
Main types of segments are:
Selector Usage
Base
Limit
DPL
Type
Hex
08
Code32 0000 0000 ffff ffff
0
RE
10
Data32
0000 0000 ffff ffff
0
RW
1b
Code32 0000 0000 ffff ffff
3
RE
23
Data32
0000 0000 ffff ffff
3
RW
System address space – 2-4G (highest 2 Gb), range – 0-2G – user address space.
System space is one and the same for all processes.
System address space has the following structure:
HAL
0xffff
ffff
Crash dump
information
Non-paged pool
Paged pool
Cache Manger
Mapped View
Cache Manger
Hyperspace
Page Directory
Page Table
Memory Mapped
Files
OS image
0x8000
0000
Priority System
Windows NT/2000 has 2-level system of priorities:
- high level – Interrupt ReQuest Level (IRQL), which are controlled by hardware
interruptions
- low level – schedule priorities, controlled by dispatcher
Generated by
IRQL name
Purpose
Hardware
HIHGEST_LEVEL
Machine checks and bus
POWER_LEVEL
IPI_LEVEL
CLOCK2_LEVEL
CLOCK1_LEVEL
PROFILE_LEVEL
DIRQLs
Software
DISPATCH_LEVEL
APC_LEVEL
PASSIVE_LEVEL
errors
Power fail interrupts
Interprocessor door-bell for
MP systems
Interval clock 2
Interval clock 1
Profiling timer
Platform dependent number
of levels for I/O device
interrupts
Thread schedule and
deferred procedure call
execution
Asynchronous procedure
call execution
Normal thread execution
level
Each thread gets priority in the range 0-31 (lowest priority 0 is for Zero Page Thread
background process).
Real-time priorities – 16-31
Dynamic priorities – 0-15
Threads of real-time priority are interrupted only when appears process of the higher
priority. Such processes are to yield control by themselves.
For processes with dynamic priorities, dispatcher may increase priority of long
waiting process.